diff options
author | Eamon Doyle <eamonjd@arista.com> | 2022-04-14 08:53:54 +0100 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2023-04-10 23:43:48 +0100 |
commit | 9c37f53ddedfd335c5b16b240ec5730dff522c7b (patch) | |
tree | 15147721babaa85ee7f396c5fd43d4112d32cfaa | |
parent | 11b62366cb1b48b596ecf4fb3f4e817f70378d00 (diff) | |
download | tcpdump-9c37f53ddedfd335c5b16b240ec5730dff522c7b.tar.gz |
bootp/dhcp6: DHCPv4/v6 ZTP and SZTP option support
DHCPv4: RFC8572 specifies the SZTP redirect tag.
DHCPv6: RFC5970 specifies the boot file URL, used for ZTP,
and RFC8572 specifies the SZTP redirect tag
The base DHCPv6 RFC3315 specifies the user class option.
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | print-bootp.c | 37 | ||||
-rw-r--r-- | print-dhcp6.c | 39 | ||||
-rw-r--r-- | tests/TESTLIST | 3 | ||||
-rw-r--r-- | tests/dhcpv4v6-rfc5970-rfc8572.out | 76 | ||||
-rw-r--r-- | tests/dhcpv4v6-rfc5970-rfc8572.pcap | bin | 0 -> 3944 bytes |
6 files changed, 158 insertions, 0 deletions
@@ -1,6 +1,9 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group Summary for 5.0.0 tcpdump release (so far!) Refine protocol decoding for: + DHCP: parse the SZTP redirect tag + DHCP6: parse the user class, boot file URL, and SZTP redirect + options OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of some lengths, and fix handling of snapend. RIP: Make a couple trivial protocol updates. diff --git a/print-bootp.c b/print-bootp.c index d5418d97..227ed410 100644 --- a/print-bootp.c +++ b/print-bootp.c @@ -194,6 +194,8 @@ struct bootp { /* RFC 3442 */ #define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121) #define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249) +/* RFC8572 */ +#define TAG_SZTP_REDIRECT ((uint8_t) 143) /* RFC 5859 - TFTP Server Address Option for DHCPv4 */ #define TAG_TFTP_SERVER_ADDRESS ((uint8_t) 150) /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml */ @@ -506,6 +508,8 @@ static const struct tok tag2str[] = { /* RFC 3442 */ { TAG_CLASSLESS_STATIC_RT, "$Classless-Static-Route" }, { TAG_CLASSLESS_STA_RT_MS, "$Classless-Static-Route-Microsoft" }, +/* RFC 8572 */ + { TAG_SZTP_REDIRECT, "$SZTP-Redirect" }, /* RFC 5859 - TFTP Server Address Option for DHCPv4 */ { TAG_TFTP_SERVER_ADDRESS, "iTFTP-Server-Address" }, /* https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml#options */ @@ -993,6 +997,39 @@ rfc1048_print(netdissect_options *ndo, break; } + + case TAG_SZTP_REDIRECT: + /* as per https://datatracker.ietf.org/doc/html/rfc8572#section-8.3 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + | uri-length | URI | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+ + + * uri-length: 2 octets long; specifies the length of the URI data. + * URI: URI of the SZTP bootstrap server. + */ + while (len >= 2) { + suboptlen = GET_BE_U_2(bp); + bp += 2; + len -= 2; + ND_PRINT("\n\t "); + ND_PRINT("length %u: ", suboptlen); + if (len < suboptlen) { + ND_PRINT("length goes past end of option"); + bp += len; + len = 0; + break; + } + ND_PRINT("\""); + nd_printjn(ndo, bp, suboptlen); + ND_PRINT("\""); + len -= suboptlen; + bp += suboptlen; + } + if (len != 0) { + ND_PRINT("[ERROR: length < 2 bytes]"); + } + break; + default: ND_PRINT("[unknown special tag %u, size %u]", tag, len); diff --git a/print-dhcp6.c b/print-dhcp6.c index 6b0dc213..7e7d1246 100644 --- a/print-dhcp6.c +++ b/print-dhcp6.c @@ -188,8 +188,10 @@ struct dhcp6_relay { # define DH6OPT_NTP_SUBOPTION_SRV_ADDR 1 # define DH6OPT_NTP_SUBOPTION_MC_ADDR 2 # define DH6OPT_NTP_SUBOPTION_SRV_FQDN 3 +#define DH6OPT_BOOTFILE_URL 59 /* RFC5970 */ #define DH6OPT_AFTR_NAME 64 #define DH6OPT_MUDURL 112 +#define DH6OPT_SZTP_REDIRECT 136 /* RFC8572 */ static const struct tok dh6opt_str[] = { { DH6OPT_CLIENTID, "client-ID" }, @@ -239,8 +241,10 @@ static const struct tok dh6opt_str[] = { { DH6OPT_LQ_RELAY_DATA, "LQ-relay-data" }, { DH6OPT_LQ_CLIENT_LINK, "LQ-client-link" }, { DH6OPT_NTP_SERVER, "NTP-server" }, + { DH6OPT_BOOTFILE_URL, "Bootfile-URL" }, { DH6OPT_AFTR_NAME, "AFTR-Name" }, { DH6OPT_MUDURL, "MUD-URL" }, + { DH6OPT_SZTP_REDIRECT, "SZTP-redirect" }, { 0, NULL } }; @@ -290,6 +294,8 @@ dhcp6opt_print(netdissect_options *ndo, uint16_t subopt_len; uint8_t dh6_reconf_type; uint8_t dh6_lq_query_type; + u_int first_list_value; + uint16_t remainder_len; if (cp == ep) return; @@ -784,6 +790,39 @@ dhcp6opt_print(netdissect_options *ndo, ND_PRINT(")"); break; + case DH6OPT_BOOTFILE_URL: + tp = (const u_char *)(dh6o + 1); + ND_PRINT(" "); + nd_printjn(ndo, tp, optlen); + ND_PRINT(")"); + break; + + case DH6OPT_SZTP_REDIRECT: + case DH6OPT_USER_CLASS: + ND_PRINT(" "); + tp = (const u_char *)(dh6o + 1); + first_list_value = TRUE; + remainder_len = optlen; + while (remainder_len >= 2) { + if (first_list_value == FALSE) { + ND_PRINT(","); + } + first_list_value = FALSE; + subopt_len = GET_BE_U_2(tp); + if (subopt_len > remainder_len-2) { + break; + } + tp += 2; + nd_printjn(ndo, tp, subopt_len); + tp += subopt_len; + remainder_len -= (subopt_len+2); + } + if (remainder_len != 0 ) { + ND_PRINT(" ?"); + } + ND_PRINT(")"); + break; + default: ND_PRINT(")"); break; diff --git a/tests/TESTLIST b/tests/TESTLIST index 1e115b6c..bdb88273 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -904,3 +904,6 @@ gquic gquic.pcap gquic.out -v # GRE keepalives, CDP over GRE various_gre various_gre.pcap various_gre.out -v + +# DHCP ZTP(RFC5970) and SZTP(RFC8572) tests +dhcpv4v6-rfc5970-rfc8572 dhcpv4v6-rfc5970-rfc8572.pcap dhcpv4v6-rfc5970-rfc8572.out -vv diff --git a/tests/dhcpv4v6-rfc5970-rfc8572.out b/tests/dhcpv4v6-rfc5970-rfc8572.out new file mode 100644 index 00000000..bc0e8c6a --- /dev/null +++ b/tests/dhcpv4v6-rfc5970-rfc8572.out @@ -0,0 +1,76 @@ + 1 13:35:23.334910 IP6 (flowlabel 0x03f85, hlim 1, next-header UDP (17) payload length: 80) fe80::200:1ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=6aebe6 (vendor-specific-info) (client-ID hwaddr/time type 1 time 701530515 000001010000) (option-request SZTP-redirect DNS-search-list DNS-server) (elapsed-time 703) (IA_NA IAID:16842752 T1:3600 T2:5400)) + 2 13:35:45.614434 IP6 (flowlabel 0x03f85, hlim 1, next-header UDP (17) payload length: 80) fe80::200:1ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=aca407 (vendor-specific-info) (client-ID hwaddr/time type 1 time 701530515 000001010000) (option-request SZTP-redirect DNS-search-list DNS-server) (elapsed-time 0) (IA_NA IAID:16842752 T1:3600 T2:5400)) + 3 13:35:45.618584 IP6 (flowlabel 0xe612c, hlim 64, next-header UDP (17) payload length: 281) fe80::cc0d:b4ff:fe8a:3384.547 > fe80::200:1ff:fe01:0.546: [udp sum ok] dhcp6 advertise (xid=aca407 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:18000 vltime:28800)) (client-ID hwaddr/time type 1 time 701530515 000001010000) (server-ID hwaddr/time type 1 time 701530524 ce0db48a3384) (SZTP-redirect https://sztp1.download.com,https://sztp2.download.com:8080,https://10.10.0.0,https://10.10.0.0:8000,https://[2001:4860:4860::8888]:8080) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2)) + 4 13:35:46.635774 IP6 (flowlabel 0x03f85, hlim 1, next-header UDP (17) payload length: 126) fe80::200:1ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 request (xid=5f98e6 (vendor-specific-info) (client-ID hwaddr/time type 1 time 701530515 000001010000) (server-ID hwaddr/time type 1 time 701530524 ce0db48a3384) (option-request SZTP-redirect DNS-search-list DNS-server) (elapsed-time 0) (IA_NA IAID:16842752 T1:3600 T2:5400 (IA_ADDR 1234:5678::4 pltime:7200 vltime:7500))) + 5 13:35:46.638223 IP6 (flowlabel 0xe612c, hlim 64, next-header UDP (17) payload length: 281) fe80::cc0d:b4ff:fe8a:3384.547 > fe80::200:1ff:fe01:0.546: [udp sum ok] dhcp6 reply (xid=5f98e6 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:7200 vltime:28800)) (client-ID hwaddr/time type 1 time 701530515 000001010000) (server-ID hwaddr/time type 1 time 701530524 ce0db48a3384) (SZTP-redirect https://sztp1.download.com,https://sztp2.download.com:8080,https://10.10.0.0,https://10.10.0.0:8000,https://[2001:4860:4860::8888]:8080) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2)) + 6 13:56:39.000073 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) + 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:00:44:01:00:00, length 300, xid 0x796a827d, Flags [none] (0x0000) + Client-Ethernet-Address 00:00:44:01:00:00 + Vendor-rfc1048 Extensions + Magic Cookie 0x63825363 + DHCP-Message (53), length 1: Discover + Parameter-Request (55), length 10: + MTU (26), Subnet-Mask (1), BR (28), Default-Gateway (3) + Domain-Name (15), Domain-Name-Server (6), LOG (7), Hostname (12) + SZTP-Redirect (143), Classless-Static-Route (121) + Vendor-Class (60), length 6: "Arista" + Client-ID (61), length 6: "^@D^A^@^@" + 7 13:56:40.003200 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 469) + 10.10.0.2.67 > 10.10.0.4.68: [udp sum ok] BOOTP/DHCP, Reply, length 441, xid 0x796a827d, Flags [none] (0x0000) + Your-IP 10.10.0.4 + Client-Ethernet-Address 00:00:44:01:00:00 + Vendor-rfc1048 Extensions + Magic Cookie 0x63825363 + DHCP-Message (53), length 1: Offer + Server-ID (54), length 4: 10.10.0.2 + Lease-Time (51), length 4: 28800 + MTU (26), length 2: 1500 + Subnet-Mask (1), length 4: 255.255.0.0 + Default-Gateway (3), length 4: 10.10.0.1 + Domain-Name (15), length 18: "aristanetworks.com" + Domain-Name-Server (6), length 4: 10.10.0.1 + SZTP-Redirect (143), length 141: + length 26: "https://sztp1.download.com" + length 31: "https://sztp2.download.com:8080" + length 17: "https://10.10.0.0" + length 22: "https://10.10.0.0:8000" + length 35: "https://[2001:4860:4860::8888]:8080" + 8 13:56:40.003500 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) + 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:00:44:01:00:00, length 300, xid 0x796a827d, Flags [none] (0x0000) + Client-Ethernet-Address 00:00:44:01:00:00 + Vendor-rfc1048 Extensions + Magic Cookie 0x63825363 + DHCP-Message (53), length 1: Request + Server-ID (54), length 4: 10.10.0.2 + Requested-IP (50), length 4: 10.10.0.4 + Parameter-Request (55), length 10: + MTU (26), Subnet-Mask (1), BR (28), Default-Gateway (3) + Domain-Name (15), Domain-Name-Server (6), LOG (7), Hostname (12) + SZTP-Redirect (143), Classless-Static-Route (121) + Vendor-Class (60), length 6: "Arista" + Client-ID (61), length 6: "^@D^A^@^@" + 9 13:56:40.005894 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 469) + 10.10.0.2.67 > 10.10.0.4.68: [udp sum ok] BOOTP/DHCP, Reply, length 441, xid 0x796a827d, Flags [none] (0x0000) + Your-IP 10.10.0.4 + Client-Ethernet-Address 00:00:44:01:00:00 + Vendor-rfc1048 Extensions + Magic Cookie 0x63825363 + DHCP-Message (53), length 1: ACK + Server-ID (54), length 4: 10.10.0.2 + Lease-Time (51), length 4: 28800 + MTU (26), length 2: 1500 + Subnet-Mask (1), length 4: 255.255.0.0 + Default-Gateway (3), length 4: 10.10.0.1 + Domain-Name (15), length 18: "aristanetworks.com" + Domain-Name-Server (6), length 4: 10.10.0.1 + SZTP-Redirect (143), length 141: + length 26: "https://sztp1.download.com" + length 31: "https://sztp2.download.com:8080" + length 17: "https://10.10.0.0" + length 22: "https://10.10.0.0:8000" + length 35: "https://[2001:4860:4860::8888]:8080" + 10 14:15:10.112658 IP6 (flowlabel 0x03f85, hlim 1, next-header UDP (17) payload length: 80) fe80::200:1ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=28792a (vendor-specific-info) (client-ID hwaddr/time type 1 time 701792102 000001010000) (option-request Bootfile-URL DNS-search-list DNS-server) (elapsed-time 754) (IA_NA IAID:16842752 T1:3600 T2:5400)) + 11 14:15:33.148466 IP6 (flowlabel 0x1570c, hlim 64, next-header UDP (17) payload length: 157) fe80::40d3:61ff:fe62:3810.547 > fe80::200:1ff:fe01:0.546: [udp sum ok] dhcp6 advertise (xid=654242 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:18000 vltime:28800)) (client-ID hwaddr/time type 1 time 701792102 000001010000) (server-ID hwaddr/time type 1 time 701792110 42d361623810) (Bootfile-URL my-startup-config) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2)) + 12 14:15:34.152941 IP6 (flowlabel 0x03f85, hlim 1, next-header UDP (17) payload length: 126) fe80::200:1ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 request (xid=becafa (vendor-specific-info) (client-ID hwaddr/time type 1 time 701792102 000001010000) (server-ID hwaddr/time type 1 time 701792110 42d361623810) (option-request Bootfile-URL DNS-search-list DNS-server) (elapsed-time 0) (IA_NA IAID:16842752 T1:3600 T2:5400 (IA_ADDR 1234:5678::4 pltime:7200 vltime:7500))) + 13 14:15:34.156427 IP6 (flowlabel 0x1570c, hlim 64, next-header UDP (17) payload length: 157) fe80::40d3:61ff:fe62:3810.547 > fe80::200:1ff:fe01:0.546: [udp sum ok] dhcp6 reply (xid=becafa (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:7200 vltime:28800)) (client-ID hwaddr/time type 1 time 701792102 000001010000) (server-ID hwaddr/time type 1 time 701792110 42d361623810) (Bootfile-URL my-startup-config) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2)) + 14 08:08:32.009292 IP6 (flowlabel 0x09903, hlim 1, next-header UDP (17) payload length: 138) fe80::200:44ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=b5fcf (vendor-specific-info) (client-ID hwaddr type 1 000044010000) (option-request Bootfile-URL DNS-search-list DNS-server) (elapsed-time 331) (user-class Arista;Test-Dhcpv6Discover;4.21.XX)) diff --git a/tests/dhcpv4v6-rfc5970-rfc8572.pcap b/tests/dhcpv4v6-rfc5970-rfc8572.pcap Binary files differnew file mode 100644 index 00000000..e4937d07 --- /dev/null +++ b/tests/dhcpv4v6-rfc5970-rfc8572.pcap |